diff --git a/.github/workflows/create-next-release-branch.yml b/.github/workflows/create-next-release-branch.yml index e1cc71c02a0..8fc01cd442d 100644 --- a/.github/workflows/create-next-release-branch.yml +++ b/.github/workflows/create-next-release-branch.yml @@ -11,7 +11,9 @@ on: type: string required: true secrets: - token: + GRAFANA_DELIVERY_BOT_APP_ID: + required: true + GRAFANA_DELIVERY_BOT_APP_PEM: required: true outputs: branch: @@ -26,7 +28,9 @@ on: type: string required: true secrets: - token: + GRAFANA_DELIVERY_BOT_APP_ID: + required: true + GRAFANA_DELIVERY_BOT_APP_PEM: required: true jobs: main: @@ -34,10 +38,16 @@ jobs: outputs: branch: ${{ steps.branch.outputs.branch }} steps: + - name: "Generate token" + id: generate_token + uses: tibdex/github-app-token@b62528385c34dbc9f38e5f4225ac829252d1ea92 + with: + app_id: ${{ secrets.GRAFANA_DELIVERY_BOT_APP_ID }} + private_key: ${{ secrets.GRAFANA_DELIVERY_BOT_APP_PEM }} - name: Create release branch id: branch uses: grafana/grafana-github-actions-go/bump-release@main with: ownerRepo: ${{ inputs.ownerRepo }} source: ${{ inputs.source }} - token: ${{ secrets.token }} + token: ${{ steps.generate_token.outputs.token }} diff --git a/.github/workflows/migrate-prs.yml b/.github/workflows/migrate-prs.yml index 9a41ee6ee8a..31bb8f9f9da 100644 --- a/.github/workflows/migrate-prs.yml +++ b/.github/workflows/migrate-prs.yml @@ -16,7 +16,9 @@ on: required: true type: string secrets: - token: + GRAFANA_DELIVERY_BOT_APP_ID: + required: true + GRAFANA_DELIVERY_BOT_APP_PEM: required: true workflow_dispatch: inputs: @@ -33,17 +35,25 @@ on: required: true type: string secrets: - token: + GRAFANA_DELIVERY_BOT_APP_ID: + required: true + GRAFANA_DELIVERY_BOT_APP_PEM: required: true jobs: main: runs-on: ubuntu-latest steps: + - name: "Generate token" + id: generate_token + uses: tibdex/github-app-token@b62528385c34dbc9f38e5f4225ac829252d1ea92 + with: + app_id: ${{ secrets.GRAFANA_DELIVERY_BOT_APP_ID }} + private_key: ${{ secrets.GRAFANA_DELIVERY_BOT_APP_PEM }} - name: Migrate PRs uses: grafana/grafana-github-actions-go/migrate-open-prs@main with: - token: ${{ secrets.token }} + token: ${{ steps.generate_token.outputs.token }} ownerRepo: ${{ inputs.ownerRepo }} from: ${{ inputs.from }} to: ${{ inputs.to }} diff --git a/.github/workflows/release-comms.yml b/.github/workflows/release-comms.yml index 86e698df758..720948e659b 100644 --- a/.github/workflows/release-comms.yml +++ b/.github/workflows/release-comms.yml @@ -30,15 +30,8 @@ jobs: release_branch: ${{ steps.output.outputs.release_branch }} dry_run: ${{ steps.output.outputs.dry_run }} latest: ${{ steps.output.outputs.latest }} - token: ${{ steps.output.outputs.token }} runs-on: ubuntu-latest steps: - - name: "Generate token" - id: generate_token - uses: tibdex/github-app-token@b62528385c34dbc9f38e5f4225ac829252d1ea92 - with: - app_id: ${{ secrets.GRAFANA_DELIVERY_BOT_APP_ID }} - private_key: ${{ secrets.GRAFANA_DELIVERY_BOT_APP_PEM }} # The github-release action expects a `LATEST` value of a string of either '1' or '0' - if: ${{ github.event_name == 'workflow_dispatch' }} run: | @@ -58,7 +51,6 @@ jobs: echo "version: $VERSION" echo "release_branch=$(echo $VERSION | sed -s 's/^v/release-/g')" >> "$GITHUB_OUTPUT" - echo "token=${{ steps.generate_token.outputs.token }}" >> "$GITHUB_OUTPUT" echo "dry_run=$DRY_RUN" >> "$GITHUB_OUTPUT" echo "latest=$LATEST" >> "$GITHUB_OUTPUT" echo "version=$VERSION" >> "$GITHUB_OUTPUT" @@ -66,42 +58,46 @@ jobs: name: Create next release branch (Grafana) needs: setup uses: ./.github/workflows/create-next-release-branch.yml + secrets: + GRAFANA_DELIVERY_BOT_APP_ID: ${{ secrets.GRAFANA_DELIVERY_BOT_APP_ID }} + GRAFANA_DELIVERY_BOT_APP_PEM: ${{ secrets.GRAFANA_DELIVERY_BOT_APP_PEM }} with: ownerRepo: 'grafana/grafana' source: ${{ needs.setup.outputs.release_branch }} - secrets: - token: ${{ needs.setup.outputs.token }} create_next_release_branch_enterprise: name: Create next release branch (Grafana Enterprise) needs: setup uses: ./.github/workflows/create-next-release-branch.yml - with: - ownerRepo: 'grafana/grafana' - source: ${{ needs.setup.outputs.release_branch }} secrets: - token: ${{ needs.setup.outputs.token }} + GRAFANA_DELIVERY_BOT_APP_ID: ${{ secrets.GRAFANA_DELIVERY_BOT_APP_ID }} + GRAFANA_DELIVERY_BOT_APP_PEM: ${{ secrets.GRAFANA_DELIVERY_BOT_APP_PEM }} + with: + ownerRepo: 'grafana/grafana-enterprise' + source: ${{ needs.setup.outputs.release_branch }} migrate_prs_grafana: needs: - setup - create_next_release_branch_grafana uses: ./.github/workflows/migrate-prs.yml + secrets: + GRAFANA_DELIVERY_BOT_APP_ID: ${{ secrets.GRAFANA_DELIVERY_BOT_APP_ID }} + GRAFANA_DELIVERY_BOT_APP_PEM: ${{ secrets.GRAFANA_DELIVERY_BOT_APP_PEM }} with: ownerRepo: 'grafana/grafana' from: ${{ needs.setup.outputs.release_branch }} to: ${{ needs.create_next_release_branch_grafana.outputs.branch }} - secrets: - token: ${{ needs.setup.outputs.token }} migrate_prs_enterprise: needs: - setup - create_next_release_branch_enterprise uses: ./.github/workflows/migrate-prs.yml + secrets: + GRAFANA_DELIVERY_BOT_APP_ID: ${{ secrets.GRAFANA_DELIVERY_BOT_APP_ID }} + GRAFANA_DELIVERY_BOT_APP_PEM: ${{ secrets.GRAFANA_DELIVERY_BOT_APP_PEM }} with: ownerRepo: 'grafana/grafana-enterprise' from: ${{ needs.setup.outputs.release_branch }} to: ${{ needs.create_next_release_branch_enterprise.outputs.branch }} - secrets: - token: ${{ needs.setup.outputs.token }} post_changelog_on_forum: needs: setup uses: ./.github/workflows/community-release.yml